UPDATE: SoftCom finds FinFisher software on its virtual severs and deletes customer and account for violating acceptable use policy

Toronto provider says it won’t tolerate spyware

A Toronto Web hosting company says it will demand the removal of Internet surveillance software on its servers if there’s proof customers loaded the application there.

“Because it’s a very clear violation of our acceptable use policy we would terminate those users,” Michael Carr, executive vice-president of SoftCom Inc., said in an interview Thursday.

Researchers at the University of Toronto’s Citizen Lab said this week that surveillance software called FinFisher –made by a German-based company which says it sells only to law enforcement agencies –turned up on command and control servers hosted by SoftCom here and on servers in 24 other countries.

Citizen Lab says a number of governments use FinFisher, made by a division of Gamma International GmbH and its remote monitoring product, FinSpy, against their residents.

Carr said SoftCom, whose service provider business is called myhosting.com, can’t verify that the software actually is on its servers because the Citizen Lab report only details part of IP addresses it tracked that have FinSpy signatures.

It would be impossible to scan all of its servers without the full address, Carr said. Nor can it scan for applications.

However, Carr added, if Citizen Lab gives the company the full addresses Softcom will investigate. He believes his staff have asked for the detail.
UPDATE: After getting the IP address, Carr said that on March 15 the FinFisher software was found on its servers and the account was terminated. For privacy law reasons he can’t divulge who had the account. Nor does Softcom know how much, if any, data it pulled in. He can say the software was installed sometime in the last 12 months.

It’s still a mystery who installed the software and what their target was.

It doesn’t matter if a Canadian law enforcement or intelligence agency is lawfully using the software, he added. myhosting.com’s acceptable use policy forbids “spyware or any related software that records a user’s activities without their permission and forwards that information via the Internet.”

Although the policy says violations may result in the cancelling of service, Carr was firm. “We do not as a business want that type of activity on any our servers. And we’re very clear about that.”

To read the policy click here

Carr said SoftCom staff were surprised to hear about the claim that the software is on its servers here. It only found out by reading a newspaper article Thursday morning. Citizen Lab didn’t contact the provider before publishing its report on Wednesday.

Softcom has been in business for 15 years, leasing data centre space in Toronto and the U.S. It offers domain name registration, email hosting under the Mail2Web.com brand, and virtual private server hosting services. Carr said it has over 50,000 customers.
SoftCom’s chief executive officer is Turker Sokullu, who co-founded the company along with chairman Firat Eren.
Related Download
The New Workplace: Supporting “Bring your own”							Sponsor: IBM Canada Ltd
The New Workplace: Supporting “Bring your own”
“Bring Your Own Device” (BYOD) and the “consumerization of IT” have taken hold in the enterprise, and employees using their own personal smartphones and tablets for business have become pervasive.
Register Now
Share on LinkedIn Share with Google+ Comment on this article
More Articles